Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bmc vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2019-11216
BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are a...
Bmc Remedy Smart Reporting
9.8
CVSSv3
CVE-2019-16755
BMC Remedy ITSM Suite is prone to unspecified vulnerabilities in both DWP and SmartIT components, which can permit remote malicious users to perform pre-authenticated remote commands execution on the Operating System running the targeted application. Affected DWP versions: versio...
Bmc Myit Digital Workplace
7.8
CVSSv3
CVE-2019-17043
An issue exists in BMC Patrol Agent 9.0.10i. Weak execution permissions on the best1collect.exe SUID binary could allow an malicious user to elevate his/her privileges to the ones of the "patrol" user by specially crafting a shared library .so file that will be loaded d...
Bmc Patrol Agent 9.0.10i
1 Github repository
9.8
CVSSv3
CVE-2022-24047
This vulnerability allows remote malicious users to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results f...
Bmc Track-it\\! 20.21.01.102
NA
CVE-1999-0921
BMC Patrol allows any remote malicious user to flood its UDP port, causing a denial of service.
Bmc Patrol Agent 3.2.5
NA
CVE-2014-4874
BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page.
Bmc Track-it\\! 11.3.0.355
1 EDB exploit
NA
CVE-2013-4945
Multiple SQL injection vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote malicious users to execute arbitrary SQL commands via the (1) ASPSESSIONIDASSRATTQ, (2) TABLE_WIDGET_1, (3) TABLE_WIDGET_2, (4) browserDateTimeInfo, or (5) browserNumberInfo cookie par...
Bmc Service Desk Express 10.2.1.95
1 EDB exploit
8.1
CVSSv3
CVE-2017-18223
BMC Remedy AR System prior to 9.1 SP3, when Remedy AR Authentication is enabled, allows malicious users to obtain administrative access.
Bmc Remedy Action Request System
5.4
CVSSv3
CVE-2017-18228
Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey parameter in an arsys/servlet/AttachServlet request.
Bmc Remedy Action Request System
NA
CVE-2012-2959
Cross-site request forgery (CSRF) vulnerability in password-manager/changePasswords.do in BMC Identity Management Suite 7.5.00.103 allows remote malicious users to hijack the authentication of administrators for requests that change passwords.
Bmc Identity Management Suite 7.5.00.103
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »